cors VS csurf

// https://www.npmjs.com/package/nextjs-cors import NextCors from 'nextjs-cors'; async function handler(req, res) { // Run the cors middleware // nextjs-cors uses the cors package, so we invite you to check the documentation https://github.com/expressjs/cors await NextCors(req, res, { // Options methods: ['GET', 'HEAD', 'PUT', 'PATCH', 'POST', 'DELETE'], origin: '*', optionsSuccessStatus: 200, // some legacy browsers (IE11, various SmartTVs) choke on 204 }); // Rest of the API logic res.json({ message: 'Hello NextJs Cors!' }); }

import axios from "axios"; import Cors from "cors"; import initMiddleware from "../../lib/init-middleware"; // Initialize the cors middleware const cors = initMiddleware( // You can read more about the available options here: https://github.com/expressjs/cors#configuration-options Cors({ // Only allow requests with GET, POST and OPTIONS methods: ['GET', 'POST', 'OPTIONS'], }) ); export default async function myBooksHandler(req, res) { await cors(req, res); const address = req.query.address; const chain = "polygon"; const options = { method: 'GET', url: 'https://api.nftport.xyz/v0/accounts/creators/0x1xxxxxxxxxxxxx5b', params: {chain: 'polygon', include: 'metadata'}, headers: { 'Content-Type': 'application/json', Authorization: 'xxxxxxxxx' } }; try { const result = await axios.request(options) res.status(200).json({ result: result.data }) } catch (err) { res.status(500).json({ error: 'failed to load data' }) } };

CORS: Cross-Origin Resource-Sharing enabled using cors

import Cors from "cors"; function initMiddleware(middleware) { return (req, res) => new Promise((resolve, reject) => { middleware(req, res, (result) => { if (result instanceof Error) { return reject(result); } return resolve(result); }); }); } const cors = initMiddleware( // You can read more about the available options here: https://github.com/expressjs/cors#configuration-options Cors({ // Only allow requests with GET, POST and OPTIONS methods: ["GET"], }) ); export default async function handler(req, res) { // Run cors await cors(req, res); // Rest of the API logic res.json({ message: "Hello Everyone!" }); }

My Nodejs restful service has the following endpoint http://localhost:3000/api/countries. I am using this middleware https://github.com/expressjs/cors. I have cors enabled thus:-

You could also add cors like this and then configure it to only allow requests from your site.

Check out https://github.com/expressjs/cors#configuration-options

The library you're going to use to help fix the CORS errors you've been battling is the cors middleware package. Head to the directory containing your Express application in your terminal, and let's get it installed:

You can add the cors middleware package to your application to help you send the correct CORS response headers from your API endpoints. By default, the headers it sends will allow any web page to make requests to your API, so make sure you check out the configuration options, and at the very least set the origin option so that you are restricting which web pages are able to call your API (unless you’re running an API for public use, in which case this won’t be an issue).

To learn more about CSRF. Go here Consider using csurf

Additionally, I don't mean to offend you, but I doubt your bot will be "secure" if you don't have the appropriate knowledge and experience of secure programming practices. For example, consider this piece of code from the popular (now deprecated) csurf:

it's looking like express/csurf is archived and deprecated (as of 5 hours ago)... ref

If you use Express, I recommend using the csurf library since it's more robust and flexible compared to what I could show in this example above.

We will use a popular npm package to handle CSRF called csurf.